Back To Schedule
Friday, February 6 • 15:50 - 17:20
DNSSEC deployment from server and client side

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

DNSSEC has been here for some time. But what it means to deploy it on the server? What is needed to keep your domain secured? There are a lot of manual and semi-automated tasks administrators need to do. This is where FreeIPA steps in and makes the deployment and maintenance of DNSSEC signed zone easy as few clicks in Web UI. Once you deployed DNSSEC on the server side, there is still some work to have your clients secured, too. Especially when using public hot-spots and networks, you should use secured DNS to eliminate man-in-the-middle attacks.

In the lab we will briefly explain how DNSSEC works. Afterwards we will deploy a signed zone using only BIND and also BIND + FreeIPA combination. We will show how FreeIPA can ease your pain with DNSSEC deployment. In the end we will try out the DNSSEC from client side using dnssec-trigger and unbound server, to keep you secured at all times.

Note: We will need at least 2 hours (2,5 maybe)

avatar for Tomas Hozza

Tomas Hozza

Principal Software Engineer, Red Hat
Tomas is a Principal Software Engineer at Red Hat's Image Builder team, where he explores the mysteries of building OS images for various footprints. In his free time, Tomas likes to code in Python 3 and play with various IoT devices and sensors. When he's not sitting behind the computer... Read More →

Petr Spacek

Petr is a Software Engineer at Red Hat, mainly focused on DNS and its integration to other systems. Petr’s goal is to make DNSSEC deployment as easy as running one command.

Friday February 6, 2015 15:50 - 17:20 CET
Workshops – E105

Attendees (0)